I'm using a Raspberry Pi 4 (kernel 5.4.51-v7l+) as a router with nftables v0.9.0 (Fearless Fosdick). Routing between 9 subnets including a kind of DMZ works without any problems for several months.

Now I'm facing a problem with a PC in one subnet that needs access an Android App on a phone in another subnet (I'm using a separate subnet for the Raspberry Pi 4 as WLAN AP). The Android app sends a UDP broadcast to Port 24727 that the matching app on the PC should receive and use to display the available devices.

I already tried to use a small relay program on the router that listens on one subnet and forwards the received broadcasts to the PC. But of course this causes the PC to see the router as the source of this packet and although the phone is listed as an available device it is - as I expected - not possible to connect.

How can I forward a broadcast received from one subnet to another subnet (or to a single destination IP) using nftables? I tried e.g.

• iifname wlan0 udp dport 24727 log prefix "YYYYY:" dnat to 192.168.1.7
• iifname wlan0 udp dport 24727 log prefix "XXXXX:" ip daddr set 192.168.1.7

in the chain of type "nat" with hook "prerouting". I also added log entries "iifname wlan0 udp dport 24727 log prefix "ZZZZZ:"" to all chains but only got a hit in this prerouting table. I would have expected the forwarded packet to be visible in another chain but it did not show anywhere and on the destination subnet tcpdump also does not show it.

What would be the correct way to forward a UDP broadcast using nftables?